This year at Microsoft Ignite, Microsoft Defender is announcing exciting innovations for endpoint protection that help security teams deploy faster, gain more visibility, and proactively block attack...

Root detection is a critical security control that identifies whether an Android device has been compromised to gain elevated privileges or unrestricted access to the operating system. When a device ...

As of today, October 14, 2025, Microsoft is officially ending support for Windows 10. This means that Windows 10 devices will no longer receive security or feature updates, nor technical support from...

We’re excited to announce a key milestone in Defender’s multi-tenant management journey—Microsoft Defender for Endpoint security policies can now be distributed across multiple tenants from the Defen...

Network isolation refers to how Microsoft Defender for Endpoint restricts a compromised device’s communication within the network in order to contain threats and prevent lateral movement. But oftenti...

Microsoft has a long-standing relationship with MITRE and holds deep respect for the unique role that the organization plays within the security ecosystem.  MITRE ATT&CK® Evaluations have been instru...

Enhancing macOS security with behavior monitoring  As attackers become more sophisticated in today’s rapidly evolving threat landscape, security strategies must continue to innovate to keep pace. F...

Create and manage global exclusions for Linux  Global exclusions for Microsoft Defender for Endpoint on Linux are now generally available. This will allow security teams to create and manage exclus...

Protecting critical assets  Traditional security solutions often operate in a one-size-fits-all alert model that treats every detection equally, regardless of how important the asset is. But not al...

The rise of tampering attacks In cybersecurity, anti-tampering protection refers to the defensive measures designed to prevent unauthorized modifications to security systems, policies, and settings...